Hello everyone, I've noticed some unusual behavior while debugging my application on the iOS 26 beta. My standard testing process relies on the App Tracking Transparency (ATT) authorization status being reset whenever I uninstall and reinstall my app. This is crucial for me to test the permission flow. However, on the current beta, I've observed the following: 1 I installed my app on a device running the iOS 26 beta for the first time. The ATTrackingManager.requestTrackingAuthorization dialog appeared as expected. 2 I completely uninstalled the application. 3 I then reinstalled the app. Unexpected Result: The tracking permission dialog did not appear. And more importantly, the device's advertisingIdentifier appears to have remained unchanged. This is highly unusual, as the IDFA is expected to be reset with a fresh app installation. My question: Is this an intentional change, and is there a fundamental shift in how the operating system handles the persistence of the IDFA or the authorization status? Or could this be a bug in the iOS 26 beta? Any information or confirmation on this behavior would be greatly appreciated.

Hi everyone, I'm facing a frustrating App Store rejection that I can't seem to resolve. My app was rejected under Guideline 2.1 - Information Needed with the following message: "The app uses the AppTrackingTransparency framework, but we are unable to locate the App Tracking Transparency permission request when reviewed on iPadOS 18.5." However, in my latest version (2.9 Build 18), I have: Removed all SDKs that collect IDFA or perform tracking. Removed the AppTrackingTransparency framework entirely. Removed the NSUserTrackingUsageDescription key from Info.plist. Confirmed that no third-party SDKs are accessing IDFA or similar. Not using the app_tracking_transparency package (I'm using Flutter). I included a detailed review note explaining all of this, yet the app still gets rejected for not showing the ATT prompt — even though ATT is not used at all. Also, I can't update the App Privacy section until this new version is approved, which still reflects tracking from a previous live version (2.3). Has anyone faced something similar? Questions: Is there a way to confirm what part of the build might still be triggering ATT detection on Apple's side? Could an unused pod or leftover reference be the issue? How do I fully verify that ATT is not linked anywhere in the final binary? Any guidance or tips from others who’ve resolved this would be hugely appreciated! Thanks

We are experiencing a significant issue with the SKStoreReviewController.requestReview(in: scene) API that may be affecting our app's rating collection on the App Store. Issue Details: Development Environment Behavior: The rating popup displays consistently in development builds (as expected per documentation) API calls are functioning correctly in our test environment Production Environment Issue: We have observed a major drop in App Store ratings received between January and July 2025 The same codebase that works in development is deployed to production Analytics Confirmation: Before calling SKStoreReviewController.requestReview() in production, we fire analytics tags to track API invocations Our analytics show no drop in the number of times this API is being called This confirms the API is being invoked correctly in production Discrepancy: Despite consistent API calls (confirmed by analytics), we see a major drop in actual ratings received on the App Store This suggests the rating popup may not be displaying to users in production, even though the API call is successful Questions: Are there any known issues with SKStoreReviewController.requestReview() API between January-July 2025? Are there any iOS version-specific issues that might prevent the popup from appearing in live app? What debugging steps do you recommend to identify why the API calls aren't resulting in visible rating prompts?

When presenting a cookie banner for GDPR purposes, should ATT precede the cookie banner? It seems that showing a Cookie Banner and then showing the ATT permission prompt afterwards (if a user elects to allow cookies/tracking) would be more appropriate. Related question: Should the “Allow Tracking” toggle for an app in system settings serve as a master switch for any granular tracking that might be managed by a 3rd party Consent Management Platform? If ATT is intended to serve as a master switch for tracking consent, if the ATT prompt is presented before a cookie banner, should the banner even appear if a user declines tracking consent? I’m not finding any good resources that describe this flow in detail and I’m seeing implementations all over the place on this. Help! Thanks!!!

Hi Apple Devs & WebKit Team, We operate https://excnum.com — a personal website currently under reconstruction. It's HTTPS-secure, hosted on a clean VPS, and now features a simple placeholder page with no active forms, scripts, or external redirects. However, Safari on both iOS and macOS is flagging it as a “deceptive website”, blocking all access. This warning appears even though: The site uses a valid SSL certificate via Cloudflare There are no redirects, tracking scripts, or dynamic code We serve a static landing page (“under maintenance”) with zero interaction No malware, phishing, or obfuscation exists — verified with multiple tools A review request has already been submitted at: https://websitereview.apple.com We believe the site may have been blacklisted previously under past ownership or prior configurations. It has since been completely restructured and cleared, but the Safari warning persists. This false flag is harming visibility and trust for an otherwise neutral website. Any advice on how to expedite re-evaluation or request a manual delisting from the deceptive site list would be much appreciated. Thank you! — Alex Admin, EXCNUM.COM

Hi everyone, I'm developing an iOS app using the AppsFlyer SDK. I understand that starting with iOS 14.5, if a user denies the App Tracking Transparency (ATT) permission, we are not allowed to access the IDFA or perform cross-app tracking. However, I’d like to clarify which in-app events are still legally and technically safe to send when the user denies ATT permission. Specifically, I want to know: Is it acceptable to send events like onboarding_completed, paywall_viewed, subscription_started, subscribe, subscribe_price, or app_opened if they are not linked to IDFA or any form of user tracking? Would sending such internal behavioral events (used purely for SKAdNetwork performance tracking or in-app analytics) violate Apple’s privacy policy if no device identifiers are attached? Additionally, if these events are sent in fully anonymous form (i.e., not associated with IDFA, user ID, email, or any identifiable metadata), does Apple still consider this a privacy concern? In other words, can onboarding_completed, paywall_viewed, subsribe, subscribe_price, etc., be sent in anonymous format without violating ATT policies? Are there any official Apple guidelines or best practices that outline what types of events are considered compliant in the absence of ATT consent? My goal is to remain 100% compliant with Apple’s policies while still analyzing meaningful user behavior to improve the in-app experience. Any clarification or pointers to documentation would be greatly appreciated. Thanks in advance!

After i install ios 26 i can’t go back to other videos after i comment on tiktok videos

what is that makes the TLS be the TLS/SErver ?

Dear Apple team, I am trying to deploy our new WalkShop app. It is a new react-native version I rebuilt with a newer version of my tech stack. I added the PrivacyInfo.xcprivacy using Xcode and it is in the folder of the app. The content of it is: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NSPrivacyTracking</key> <true/> </dict> </plist> The review process fails constantly and the email I get tells me that the NSPrivacyTracking needs to be true or the manifest should be vailid What is missing in this file and how can I do a validation check myself before submitting the new app?

https://developer.apple.com/documentation/apptrackingtransparency/attrackingmanager/authorizationstatus/notdetermined Note: Discussion If you call ATTrackingManager.trackingAuthorizationStatus in macOS, the result is always ATTrackingManager.AuthorizationStatus.notDetermined. So, does macOS support getting ATT?

Howdy. I'm trying to access media from a users song library and receive: <ICUserIdentityStoreACAccountBackend: 0x148f8af30> Failed to initialize active account, error=Error Domain=ICError Code=-7013 "Client is not entitled to access account store" UserInfo={NSDebugDescription=Client is not entitled to access account store} I'm told I need to add a Media Library Access Capability. Nothing like this shows up in Xcode under Signing & Capabilities > +Capabilities. Also I can't find anything like this in my account in dev.apple.com. How do I enable myself and a test user using another iPhone device to access my music and their music respectively? Thanks!

Hi Apple Devs & WebKit Team, We operate https://outdoorgala.com — a verified, HTTPS-secure Canadian ecommerce site focused on elite outdoor safety gear. We're Indigenous-owned, based in Alberta, and take customer trust and compliance seriously. However, Safari (iOS + macOS) is falsely flagging our site as “deceptive,” preventing customers from accessing us — even though: We use GoDaddy Website Builder with no redirections or malware All product links are clean, HTTPS-secure, and tracked ethically We recently implemented a fully compliant cookie banner (Accept/Decline logic) A public security.txt and OpenPGP key has been published: https://outdoorgala.com/security No phishing, malware, or cloaking behavior exists on the site We’ve already submitted a review via: ➡️ https://websitereview.apple.com And filed a bug report via Feedback Assistant (FB17608544) What else can be done to speed up review or get flagged domains unblocked in Safari? This is hurting our business and blocking consumer access — despite following all Apple guidelines. Would appreciate any insights or escalation tips. Thank you! – Derek Eiteneier Founder, Outdoor Gala

When developing and testing using my phone I got prompted for allowing app tracking. I later uploaded a build to TestFlight, deleted the old testing app and installed the TestFlight build. I am now stuck in an infinite loop of not getting prompted for allowing app tracking for the app. When entering the app settings the toggle for tracking never appears which leaves me not able to enter the app's content. My guess is that the prompt can only be shown once for the app bundle, but there has to be a way for me to get prompted again without changing the app bundle id. Help is appreciated since this app is scheduled to be published in a week.

Hi, Xcode Instruments shows multiple Points of Interest with the information that the framework is not listed in my Privacy Manifest. However, I have already included them in the Privacy Manifest under the privacy tracking domains. I have this problem with every tracking domain i listed in the Privacy Manifest's Privacy Tracking Domains. Did I make a mistake in my Privacy Manifest declaration?

Hi everyone, I'm working on an app for parents and kids where parents can define screen time goals or restrict usage of certain app categories (like social media or games). If the kid follows those rules—for example, by using their device less or avoiding restricted categories—they would earn points or rewards in the app. I’ve been exploring if the Apple Screen Time API allows developers to access this kind of data (like total screen time, app usage by category, etc.) so that I can track the kid’s behavior and reward them accordingly. Is it possible to programmatically access this data and implement such a reward system within my app? If so, what’s the best way to get started or which APIs should I look into? Thanks in advance for your help!

Is there a delay or problem at the OS end during subsequent jack connections if IOS is running a Bluetooth and beacon connection and it stays without a connection for a few hours?

Hello, I was wondering how Apple creates the opt-in figure in Apple Connect for my App. For example the installations are only the opt-ins. BUT - I do not have any analytics implemente and I don't have the Apple ATT Layer at the beginning, with which the user can allow or decline the tracking. How is the number possible in AppStore Connect? Does somebody know?

Hello Apple Developer Community, I recently encountered a serious security issue involving a third-party app development company that requested full JSON API key access to my Apple Developer account. After conducting research, I realized that granting this access would allow permanent backend control over my app—even after our contract ended. Key Issue: • Third-party developers extract JSON API keys from client accounts. • These keys allow unrestricted backend access, even after being removed from the account. • With this access, they can: • Modify apps remotely • Interfere with financial settings • Restrict client access while maintaining their own backend control Why This Matters: • This could be happening at scale, affecting many developers unknowingly. • It’s a major security risk—developers could be losing control of their apps without realizing it. • Apple’s policies do not explicitly warn against this kind of practice, which leaves developers vulnerable. I Need Guidance: • Is there an official Apple security team I can report this to? • How can developers safeguard themselves from these kinds of exploits? • Does Apple have a protocol for auditing third-party developer activity within client accounts? I have full documented evidence of this practice, including chat logs, emails, and technical breakdowns. This is a serious issue that needs the right eyes on it. Please advise on the next steps Apple recommends for reporting and addressing this vulnerability. Kindly find my evidence below. https://drive.google.com/drive/folders/1uZnAvJE48OazvSgMYr6-wSB1Ss5rF5r4

Hello, I'm trying to publish my app, but I'm constantly getting rejected by Apple. They're telling me I'm having issues with tracking user data. This item has been rejected for the following reasons: 5.1.2 Legal: Privacy - Data Use and Sharing I've indicated that I don't use this data for ads, that it's only used for personalization and to understand who saves items. I added the NSUserTrackingUsageDescription property to the info.plist. I run AppTrackingTransparency.requestTrackingAuthorization() when the user logs into the app, displaying a warning message. I'd say I meet all the requirements they've set for me, but they still haven't approved my app. What do you recommend? How can I speak to a physical person who can help me? Thank you very much and best regards.

Hi recent app update review was rejected because we were informed we had to implement the App Transparency Tracking UI to let users choose. (we had just successfully published two days prior to this, and we need to get some bug fixes out with a new submission) Nothing about the app with respect to data collection had changed between the successful submission and the rejection and still wondering why we were rejected for that reason. We do not track data. We do collect user info and info about app usage for user account login and app performance analytics, and also for our development cycle. So I updated the app to present the Tracking Transparency UI at startup and that is all good. Now I add the app to the submission form, and I go update our privacy policy to define what data we collect and how we are using it. I publish the updated privacy information. but now I am stuck. The submission page returns a message that I have to set up the privacy data to be able to submit for review Your app contains NSUserTrackingUsageDescription, indicating that it may request permission to track users. To submit for review, update your App Privacy response to indicate that data collected from this app will be used for tracking purposes, or update your app binary and upload a new build. Learn More But I have already defined and published that privacy data. It seems it is not finding the Privacy data or what? What could be going wrong here? Thanks for any ideas!